On Designing A Questionnaire Based Legacy-UI Honeyword Generation Approach For Achieving Flatness
Abstract:
Honeywords, or fake passwords, are now widely used to protect the original passwords in the password file. However, the use of honeywords has been strongly criticized on various security and usability parameters. Though many of these issues have been successfully resolved, research in this domain still faces difficulty in achieving flatness (that is, producing honeywords that are equally probable with reference to the original password). Though recent studies have made a significant effort to meet this criterion, we show that they either fall short or are based on some unrealistic assumptions. To practically fulfill this flatness criterion, we propose a questionnaire-oriented authentication system based on the episodic (or long-term) memory of the users. Our study reveals that the proposed mechanism is capable of generating a significantly improved, flatter list of honeywords compared to the existing protocols. The subsequent discussion shows that the proposed system also overcomes all the limitations of the existing state of the art with no less than 95% goodness.
Link to Paper: https://arxiv.org/abs/1708.01295